Commit Graph

71109 Commits

Author SHA1 Message Date
Peter Maydell
968ff692cf ppc patch queue 2019-08-13 (last minute qemu-4.1 fixes)
Here's a very, very last minute pull request for qemu-4.1.  This fixes
 two nasty bugs with the XIVE interrupt controller in "dual" mode
 (where the guest decides which interrupt controller it wants to use).
 One occurs when resetting the guest while I/O is active, and the other
 with migration of hotplugged CPUs.
 
 The timing here is very unfortunate.  Alas, we only spotted these bugs
 very late, and I was sick last week, delaying analysis and fix even
 further.
 
 This series hasn't had nearly as much testing as I'd really like, but
 I'd still like to squeeze it into qemu-4.1 if possible, since
 definitely fixing two bad bugs seems like an acceptable tradeoff for
 the risk of introducing different bugs.
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEdfRlhq5hpmzETofcbDjKyiDZs5IFAl1SXyoACgkQbDjKyiDZ
 s5K3cA//YA/QK3D3aabaVoqLHPWXuMMQIQaLEwsdzgRYBEzg7r/MOaN85ehVZnhz
 Fx5sm43eguircfQMgLdOpRuJ/7Mgpl7jgRfJegsQFoW4UqXh0ZVJru0gv8wLsMxe
 X7eLT2e7uwtnEoy02gqbiHBDiZ51dWSZw6aeSulLFsZsajF9TeBzZ8ENUAeFcLhi
 lphkh8tzeXfbBivriTuuDI2nfGwtwDsw0JTHNbNxdSTtFxXt1mFH5TUHB8W9CgCC
 NTqdxWyGlyQKTeIt7eWM8UJ+/BMHMVT/VhqC1syeG8qVdLNIoC5dA2mh02Gqy3cq
 /KKd12Pd8/bwtYG6PCCXRMudqzeN3AVDSCZ99fEkEyo1lkYlP9o82CTofLHW1Yyz
 qHFmjoKIgi8iTW9lLYK0ITnVdP8R49sgTx1JwNSPse3V77ljqhCQSu/pI3cCUQY7
 5q4W92vhMJpYmGW60iKtp19FPuoPl93DjlO7LMAYs6vmPwcJv5meQ+hq8/cE3K4m
 D2y/bGH9+K9uM41tcwh50oZcWARHsIxg4rb/Bb/rZZmuhIb56ij7KY+TwVe0w5P6
 uFMaRW4AbDHqv+YzaU2jYikPsgD0iJOo8af1PN/FYs8ao4ssRh9ER3d1LOGk8yvr
 ugycphTQK+Ij7cYwoE6m4Ub0l4CXzYHxpxG+6/yypJBhrq3r6B8=
 =rtRF
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/dgibson/tags/ppc-for-4.1-20190813' into staging

ppc patch queue 2019-08-13 (last minute qemu-4.1 fixes)

Here's a very, very last minute pull request for qemu-4.1.  This fixes
two nasty bugs with the XIVE interrupt controller in "dual" mode
(where the guest decides which interrupt controller it wants to use).
One occurs when resetting the guest while I/O is active, and the other
with migration of hotplugged CPUs.

The timing here is very unfortunate.  Alas, we only spotted these bugs
very late, and I was sick last week, delaying analysis and fix even
further.

This series hasn't had nearly as much testing as I'd really like, but
I'd still like to squeeze it into qemu-4.1 if possible, since
definitely fixing two bad bugs seems like an acceptable tradeoff for
the risk of introducing different bugs.

# gpg: Signature made Tue 13 Aug 2019 07:56:42 BST
# gpg:                using RSA key 75F46586AE61A66CC44E87DC6C38CACA20D9B392
# gpg: Good signature from "David Gibson <david@gibson.dropbear.id.au>" [full]
# gpg:                 aka "David Gibson (Red Hat) <dgibson@redhat.com>" [full]
# gpg:                 aka "David Gibson (ozlabs.org) <dgibson@ozlabs.org>" [full]
# gpg:                 aka "David Gibson (kernel.org) <dwg@kernel.org>" [unknown]
# Primary key fingerprint: 75F4 6586 AE61 A66C C44E  87DC 6C38 CACA 20D9 B392

* remotes/dgibson/tags/ppc-for-4.1-20190813:
  spapr/xive: Fix migration of hot-plugged CPUs
  spapr: Reset CAS & IRQ subsystem after devices

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-08-13 11:35:30 +01:00
Cédric Le Goater
310cda5b5e spapr/xive: Fix migration of hot-plugged CPUs
The migration sequence of a guest using the XIVE exploitation mode
relies on the fact that the states of all devices are restored before
the machine is. This is not true for hot-plug devices such as CPUs
which state come after the machine. This breaks migration because the
thread interrupt context registers are not correctly set.

Fix migration of hotplugged CPUs by restoring their context in the
'post_load' handler of the XiveTCTX model.

Fixes: 277dd3d771 ("spapr/xive: add migration support for KVM")
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Message-Id: <20190813064853.29310-1-clg@kaod.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2019-08-13 16:50:30 +10:00
David Gibson
25c9780d38 spapr: Reset CAS & IRQ subsystem after devices
This fixes a nasty regression in qemu-4.1 for the 'pseries' machine,
caused by the new "dual" interrupt controller model.  Specifically,
qemu can crash when used with KVM if a 'system_reset' is requested
while there's active I/O in the guest.

The problem is that in spapr_machine_reset() we:

1. Reset the CAS vector state
	spapr_ovec_cleanup(spapr->ov5_cas);

2. Reset all devices
	qemu_devices_reset()

3. Reset the irq subsystem
	spapr_irq_reset();

However (1) implicitly changes the interrupt delivery mode, because
whether we're using XICS or XIVE depends on the CAS state.  We don't
properly initialize the new irq mode until (3) though - in particular
setting up the KVM devices.

During (2), we can temporarily drop the BQL allowing some irqs to be
delivered which will go to an irq system that's not properly set up.

Specifically, if the previous guest was in (KVM) XIVE mode, the CAS
reset will put us back in XICS mode.  kvm_kernel_irqchip() still
returns true, because XIVE was using KVM, however XICs doesn't have
its KVM components intialized and kernel_xics_fd == -1.  When the irq
is delivered it goes via ics_kvm_set_irq() which assert()s that
kernel_xics_fd != -1.

This change addresses the problem by delaying the CAS reset until
after the devices reset.  The device reset should quiesce all the
devices so we won't get irqs delivered while we mess around with the
IRQ.  The CAS reset and irq re-initialize should also now be under the
same BQL critical section so nothing else should be able to interrupt
it either.

We also move the spapr_irq_msi_reset() used in one of the legacy irq
modes, since it logically makes sense at the same point as the
spapr_irq_reset() (it's essentially an equivalent operation for older
machine types).  Since we don't need to switch between different
interrupt controllers for those old machine types it shouldn't
actually be broken in those cases though.

Cc: Cédric Le Goater <clg@kaod.org>

Fixes: b2e22477 "spapr: add a 'reset' method to the sPAPR IRQ backend"
Fixes: 13db0cd9 "spapr: introduce a new sPAPR IRQ backend supporting
                 XIVE and XICS"
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2019-08-13 15:59:21 +10:00
Gerd Hoffmann
5e7bcdcfe6 display/bochs: fix pcie support
Set QEMU_PCI_CAP_EXPRESS unconditionally in init(), then clear it in
realize() in case the device is not connected to a PCIe bus.

This makes sure the pci config space allocation is big enough, so
accessing the PCIe extended config space doesn't overflow the pci
config space buffer.

PCI(e) config space is guest writable.  Writes are limited by
write mask (which probably is also filled with random stuff),
so the guest can only flip enabled bits.  But I suspect it
still might be exploitable, so rather serious because it might
be a host escape for the guest.  On the other hand the device
is probably not yet in widespread use.

(For a QEMU version without this commit, a mitigation for the
bug is available: use "-device bochs-display" as a conventional pci
device only.)

Cc: qemu-stable@nongnu.org
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-id: 20190812065221.20907-2-kraxel@redhat.com
Reviewed-by: Alex Williamson <alex.williamson@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-08-12 16:36:41 +01:00
Peter Maydell
864ab314f1 Update version for v4.1.0-rc4 release
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-08-06 17:05:21 +01:00
Cornelia Huck
bb15791166 compat: disable edid on virtio-gpu base device
'edid' is a property of the virtio-gpu base device, so turning
it off on virtio-gpu-pci is not enough (it misses -ccw). Turn
it off on the base device instead.

Fixes: 0a71966253 ("edid: flip the default to enabled")
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>
Message-id: 20190806115819.16026-1-cohuck@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-08-06 15:45:59 +01:00
Peter Maydell
df1a7c99dd Block patches for 4.1.0-rc4:
- Fix the backup block job when using copy offloading
 - Fix the mirror block job when using the write-blocking copy mode
 - Fix incremental backups after the image has been grown with the
   respective bitmap attached to it
 -----BEGIN PGP SIGNATURE-----
 
 iQFGBAABCAAwFiEEkb62CjDbPohX0Rgp9AfbAGHVz0AFAl1JaxMSHG1yZWl0ekBy
 ZWRoYXQuY29tAAoJEPQH2wBh1c9AdCUH/R/pYY0OC2fHYYJnp/UxLK2aKvNBVcab
 u/8mXaDE5D9lNXbvXQx4bb+8TTcoKlH30qYcj5eDQ6BuRwPXGrNzBlHIXINTXKnF
 HRSLRE5LDRhj/K3GTyFqxKNShR6sC1jpTLEYlcV2xDhTPJQg5Nk1CgsFB3bzHINc
 6HUr0wMZAQwt/j+UmiFDc2nQyUGy+uJDiZ5cmRHNPf+ptZaAExVoxrDYHmogpa3z
 /oZrdpxEfN1sEjuiwWyxw75LBwKKj9yjIqFiIV0Yqo/aLYDH7g9eOr8b914Qbaht
 yFFcUh4SEALxejXd4MllnFyCPGuygZn8amON9xYa2jStXmL4CziDax0=
 =oGaJ
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/maxreitz/tags/pull-block-2019-08-06' into staging

Block patches for 4.1.0-rc4:
- Fix the backup block job when using copy offloading
- Fix the mirror block job when using the write-blocking copy mode
- Fix incremental backups after the image has been grown with the
  respective bitmap attached to it

# gpg: Signature made Tue 06 Aug 2019 12:57:07 BST
# gpg:                using RSA key 91BEB60A30DB3E8857D11829F407DB0061D5CF40
# gpg:                issuer "mreitz@redhat.com"
# gpg: Good signature from "Max Reitz <mreitz@redhat.com>" [full]
# Primary key fingerprint: 91BE B60A 30DB 3E88 57D1  1829 F407 DB00 61D5 CF40

* remotes/maxreitz/tags/pull-block-2019-08-06:
  block/backup: disable copy_range for compressed backup
  iotests: Test unaligned blocking mirror write
  mirror: Only mirror granularity-aligned chunks
  iotests: Test incremental backup after truncation
  util/hbitmap: update orig_size on truncate
  iotests: Test backup job with two guest writes
  backup: Copy only dirty areas

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-08-06 13:40:31 +01:00
Vladimir Sementsov-Ogievskiy
110571be4e block/backup: disable copy_range for compressed backup
Enabled by default copy_range ignores compress option. It's definitely
unexpected for user.

It's broken since introduction of copy_range usage in backup in
9ded4a0114.

Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Message-id: 20190730163251.755248-3-vsementsov@virtuozzo.com
Reviewed-by: John Snow <jsnow@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Cc: qemu-stable@nongnu.org
Signed-off-by: Max Reitz <mreitz@redhat.com>
2019-08-06 13:17:27 +02:00
Max Reitz
19ba4651fe iotests: Test unaligned blocking mirror write
Signed-off-by: Max Reitz <mreitz@redhat.com>
Message-id: 20190805113526.20319-1-mreitz@redhat.com
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
2019-08-06 13:17:26 +02:00
Max Reitz
9adc1cb49a mirror: Only mirror granularity-aligned chunks
In write-blocking mode, all writes to the top node directly go to the
target.  We must only mirror chunks of data that are aligned to the
job's granularity, because that is how the dirty bitmap works.
Therefore, the request alignment for writes must be the job's
granularity (in write-blocking mode).

Unfortunately, this forces all reads and writes to have the same
granularity (we only need this alignment for writes to the target, not
the source), but that is something to be fixed another time.

Cc: qemu-stable@nongnu.org
Signed-off-by: Max Reitz <mreitz@redhat.com>
Message-id: 20190805153308.2657-1-mreitz@redhat.com
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Fixes: d06107ade0
Signed-off-by: Max Reitz <mreitz@redhat.com>
2019-08-06 13:17:25 +02:00
Max Reitz
8a9cb86408 iotests: Test incremental backup after truncation
Signed-off-by: Max Reitz <mreitz@redhat.com>
Message-id: 20190805152840.32190-1-mreitz@redhat.com
Signed-off-by: Max Reitz <mreitz@redhat.com>
2019-08-06 13:17:24 +02:00
Vladimir Sementsov-Ogievskiy
4e4de22279 util/hbitmap: update orig_size on truncate
Without this, hbitmap_next_zero and hbitmap_next_dirty_area are broken
after truncate. So, orig_size is broken since it's introduction in
76d570dc49.

Fixes: 76d570dc49
Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Message-id: 20190805120120.23585-1-vsementsov@virtuozzo.com
Reviewed-by: Max Reitz <mreitz@redhat.com>
Cc: qemu-stable@nongnu.org
Signed-off-by: Max Reitz <mreitz@redhat.com>
2019-08-06 13:17:20 +02:00
Max Reitz
5f594a2e99 iotests: Test backup job with two guest writes
Perform two guest writes to not yet backed up areas of an image, where
the former touches an inner area of the latter.

Before HEAD^, copy offloading broke this in two ways:
(1) The target image differs from the reference image (what the source
    was when the backup started).
(2) But you will not see that in the failing output, because the job
    offset is reported as being greater than the job length.  This is
    because one cluster is copied twice, and thus accounted for twice,
    but of course the job length does not increase.

Signed-off-by: Max Reitz <mreitz@redhat.com>
Message-id: 20190801173900.23851-3-mreitz@redhat.com
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Tested-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
2019-08-06 13:17:17 +02:00
Max Reitz
4a5b91ca02 backup: Copy only dirty areas
The backup job must only copy areas that the copy_bitmap reports as
dirty.  This is always the case when using traditional non-offloading
backup, because it copies each cluster separately.  When offloading the
copy operation, we sometimes copy more than one cluster at a time, but
we only check whether the first one is dirty.

Therefore, whenever copy offloading is possible, the backup job
currently produces wrong output when the guest writes to an area of
which an inner part has already been backed up, because that inner part
will be re-copied.

Fixes: 9ded4a0114
Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Message-id: 20190801173900.23851-2-mreitz@redhat.com
Cc: qemu-stable@nongnu.org
Signed-off-by: Max Reitz <mreitz@redhat.com>
2019-08-06 13:17:01 +02:00
Peter Maydell
9bb68d34dd A harmless build-sys patch that fixes a regression affecting Linux
distributions packaging QEMU.
 -----BEGIN PGP SIGNATURE-----
 
 iQIcBAABAgAGBQJdRUSvAAoJEOPjLCzercDePvgP/A/qvTzt0OHiXDA0oLxTfJTs
 rt+63LVuxmLfWOJUMB2A4Y84lHwvqxanud6U7i9WnbgBZmNPGNUYJ7JJca3tXL9B
 BlNhjWJFVYTJT4A9ese4zSq8TGbflootoRfQIU29vy2cWcIFCWoM9zRLGim91AE7
 KSzX2dUN95sRV63Lyh3+cs800kp+vCJHpRmcRNGZtW/sc4rjvUyPWgMWseRSU81h
 g97AP6qfTNS5KIXXW4tdi9srSCeO66mKJzwfrErmzG6SrMvFTr9UcTfbV3veQomF
 bCiDq14DuEL3O9af6xI6dht8X93WEeTTAz51iHv4KZllRD8LtNhrvl6xzWomSli/
 OGwKO7dJebTv8htAlyPcIY64wp0viG0paBH2hmf5PI+R0WmoRhM7eeGw9LA/OXRd
 /RzEGklghlmbPDHLKLOjdtgjmbwlymtv9bPE8cmPEAr3eWrMNRrjh7Ze5NqrAg8Z
 R3Kv7XnKU1SMM3Y7GMTTZ7CIf4ysyn2MD72TPs2DGl41a9mjRzTLJA8hE2kJZQQ8
 /Q1RVniU4cAgnT2NMpdO9qj/0daaer4v9oz3p/r/eiC6tT6ez/f+ejMPcGJcw/wf
 ug7nEyjJFNj4HVGwFPuRHPTP3uxAhiBdaApImwsT1JgTndeW1H1FrCgoyBmsJWon
 3h9JifnFfh/gQ99qXKDu
 =jg9/
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/philmd-gitlab/tags/edk2-next-20190803' into staging

A harmless build-sys patch that fixes a regression affecting Linux
distributions packaging QEMU.

# gpg: Signature made Sat 03 Aug 2019 09:24:15 BST
# gpg:                using RSA key E3E32C2CDEADC0DE
# gpg: Good signature from "Philippe Mathieu-Daudé (F4BUG) <f4bug@amsat.org>" [full]
# Primary key fingerprint: FAAB E75E 1291 7221 DCFD  6BB2 E3E3 2C2C DEAD C0DE

* remotes/philmd-gitlab/tags/edk2-next-20190803:
  Makefile: remove DESTDIR from firmware file content

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-08-05 11:05:36 +01:00
Olaf Hering
177cd674d6 Makefile: remove DESTDIR from firmware file content
The resulting firmware files should only contain the runtime path.
Fixes commit 26ce90fde5 ("Makefile: install the edk2 firmware images
and their descriptors")

Signed-off-by: Olaf Hering <olaf@aepfle.de>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Message-Id: <20190530192812.17637-1-olaf@aepfle.de>
Fixes: https://bugs.launchpad.net/qemu/+bug/1838703
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
2019-08-03 09:52:32 +02:00
Peter Maydell
02ac2f7f61 target/arm: Avoid bogus NSACR traps on M-profile without Security Extension
In Arm v8.0 M-profile CPUs without the Security Extension and also in
v7M CPUs, there is no NSACR register. However, the code we have to handle
the FPU does not always check whether the ARM_FEATURE_M_SECURITY bit
is set before testing whether env->v7m.nsacr permits access to the
FPU. This means that for a CPU with an FPU but without the Security
Extension we would always take a bogus fault when trying to stack
the FPU registers on an exception entry.

We could fix this by adding extra feature bit checks for all uses,
but it is simpler to just make the internal value of nsacr 0xcff
("all non-secure accesses allowed"), since this is not guest
visible when the Security Extension is not present. This allows
us to continue to follow the Arm ARM pseudocode which takes a
similar approach. (In particular, in the v8.1 Arm ARM the register
is documented as reading as 0xcff in this configuration.)

Fixes: https://bugs.launchpad.net/qemu/+bug/1838475
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Damien Hedde <damien.hedde@greensocs.com>
Message-id: 20190801105742.20036-1-peter.maydell@linaro.org
2019-08-02 17:18:16 +01:00
Peter Maydell
9bcf2dfa16 Slirp CVE-2019-14378 pull request
-----BEGIN PGP SIGNATURE-----
 
 iQJQBAABCAA6FiEEh6m9kz+HxgbSdvYt2ujhCXWWnOUFAl1EG8QcHG1hcmNhbmRy
 ZS5sdXJlYXVAcmVkaGF0LmNvbQAKCRDa6OEJdZac5RRtD/4oTg538gDBVQAmaIVx
 I5Q0yiVxJGtDSDCahdH+fgGyOCk/lpx55qS/wXuPXn5MxV1Mo26N6iUaTi6cQDiV
 /xvkLJAxRzfoRS/W6Ipcjrs3s45hw4biTPVZe37i6I2ammr12ASUZJJbV+51Q2rQ
 quoqWCGfaMGSdm4yTlLtkArJVcQyKouVTAaORVNTc1fdwqI2Iur3hdRYNbxU02pi
 V5fTdKqWLeIzTpRqjWWizDdPoGHhjLwq2FJ1xqGbaEjJDh+N3Gs/dK4ZdDcAE3/t
 Sx8PidwFopgWJGKrEe2iPHnHO9XGKy9XJkdrp+srfPJU2UybXKnE14R0IaiIwwFN
 Fxh/bn8zzeu0DzBLNO3vhhJ925HAnzsBVT8E/Lj272s5lY5fg8/MA2nkBuIa/4yL
 cqA55jfsYo+EzMwztPENoz9izYeOGu1hLCFVQdSl8OjrrFOvwIIyglWWrrPVjaEh
 Y8BjU9gl4D1JRwXhjKkE/UYUCoYHXVexlxsWrEf3cweGpBcAqJg3Qa94q2oxeuGR
 ZAian3N6wXu4kOiijwVeBB8pnW5J9K3D4mO/avZl94Qy5SAD8nTpbCrY8tfXQc4v
 oG86EE15Fa2mV0r0ixI1/h2RXbKaCVOv+wKeaQmTbureQFqGnEOQZoKIuSNaYi+x
 VJZAvGPY1zoLAnxaJ82dWLWJ+g==
 =w3RA
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/elmarco/tags/slirp-CVE-2019-14378-pull-request' into staging

Slirp CVE-2019-14378 pull request

# gpg: Signature made Fri 02 Aug 2019 12:17:24 BST
# gpg:                using RSA key 87A9BD933F87C606D276F62DDAE8E10975969CE5
# gpg:                issuer "marcandre.lureau@redhat.com"
# gpg: Good signature from "Marc-André Lureau <marcandre.lureau@redhat.com>" [full]
# gpg:                 aka "Marc-André Lureau <marcandre.lureau@gmail.com>" [full]
# Primary key fingerprint: 87A9 BD93 3F87 C606 D276  F62D DAE8 E109 7596 9CE5

* remotes/elmarco/tags/slirp-CVE-2019-14378-pull-request:
  slirp: update with CVE-2019-14378 fix

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-08-02 13:06:03 +01:00
Marc-André Lureau
e1a4a24d26 slirp: update with CVE-2019-14378 fix
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
2019-08-02 15:14:56 +04:00
Peter Maydell
3bd6cbbb18 Update version for v4.1.0-rc3 release
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-07-30 22:02:05 +01:00
Peter Maydell
4366e7cfb4 pci: bugfix
A last minute fix to cross-version migration.
 Better late than never.
 
 Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
 -----BEGIN PGP SIGNATURE-----
 
 iQEcBAABAgAGBQJdQGtOAAoJECgfDbjSjVRp/7YH/1XrwwWpjRI3DKM3c4VZCGPW
 8MYROepOYuHf/hJmxRzlg46LjojNtj+ro2NghPKHhg/veHc1F/S0IWmrlYF8sNqV
 SdkK+teaGP/VxgKKV4mFYqujO/OMGsm4giAUAZUHACtJdUuwNOwuVY3zAzaOwYh3
 q2rFlVQjGenM528r5fJFLkkWfPSbGQMFZUVt6TgZy9Xi7a2gl77+iy/rqmPFhpZg
 kuwwViDpDiMNqBOChhi/UFlmAgbYr5mxq/n5KWp5FMnNL3t7KzaPtUsQSqKoj7Jt
 3IaHFk5yLj+mAb0TmvQhIpzl/C7E/XzOzEhZzS4iiSzUNk0xJktZ8tKQGfPJduw=
 =QdwK
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging

pci: bugfix

A last minute fix to cross-version migration.
Better late than never.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

# gpg: Signature made Tue 30 Jul 2019 17:07:42 BST
# gpg:                using RSA key 281F0DB8D28D5469
# gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>" [full]
# gpg:                 aka "Michael S. Tsirkin <mst@redhat.com>" [full]
# Primary key fingerprint: 0270 606B 6F3C DF3D 0B17  0970 C350 3912 AFBE 8E67
#      Subkey fingerprint: 5D09 FD08 71C8 F85B 94CA  8A0D 281F 0DB8 D28D 5469

* remotes/mst/tags/for_upstream:
  pcie_root_port: Disable ACS on older machines
  pcie_root_port: Allow ACS to be disabled

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-07-30 20:53:26 +01:00
Dr. David Alan Gilbert
c8557f1b48 pcie_root_port: Disable ACS on older machines
ACS got added in 4.0 unconditionally,  that broke older<->4.0 migration
where there was a PCIe root port.
Fix this by turning it off for 3.1 and older machines; note this
fixes compatibility for older QEMUs but breaks compatibility with 4.0
for older machine types.

    machine type    source qemu   dest qemu
       3.1             3.1           4.0        broken
       3.1             3.1           4.1rc2     broken
       3.1             3.1           4.1+this   OK ++
       3.1             4.0           4.1rc2     OK
       3.1             4.0           4.1+this   broken --
       4.0             4.0           4.1rc2     OK
       4.0             4.0           4.1+this   OK

So we gain and lose; the consensus seems to be treat this as a
fix for older machine types.

Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Message-Id: <20190730093719.12958-3-dgilbert@redhat.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2019-07-30 12:07:07 -04:00
Dr. David Alan Gilbert
a58dfba201 pcie_root_port: Allow ACS to be disabled
ACS was added in 4.0 unconditionally, this breaks migration
compatibility.
Allow ACS to be disabled by adding a property that's
checked by pcie_root_port.

Unfortunately pcie-root-port doesn't have any instance data,
so there's no where for that flag to live, so stuff it into
PCIESlot.

Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Message-Id: <20190730093719.12958-2-dgilbert@redhat.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2019-07-30 12:07:07 -04:00
Peter Maydell
987a232242 target/arm: Deliver BKPT/BRK exceptions to correct exception level
Most Arm architectural debug exceptions (eg watchpoints) are ignored
if the configured "debug exception level" is below the current
exception level (so for example EL1 can't arrange to get debug exceptions
for EL2 execution). Exceptions generated by the BRK or BPKT instructions
are a special case -- they must always cause an exception, so if
we're executing above the debug exception level then we
must take them to the current exception level.

This fixes a bug where executing BRK at EL2 could result in an
exception being taken at EL1 (which is strictly forbidden by the
architecture).

Fixes: https://bugs.launchpad.net/qemu/+bug/1838277
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20190730132522.27086-1-peter.maydell@linaro.org
2019-07-30 17:05:22 +01:00
Peter Maydell
62ae78c77a Block layer patches:
- fdc: Fix inserting read-only media in empty drive
 -----BEGIN PGP SIGNATURE-----
 
 iQIcBAABAgAGBQJdQGL+AAoJEH8JsnLIjy/WAQwQAIjFzuqJA9f+51n61zwo9Aj5
 BnkHK8C7Y+DYapTpXQzg/SS5zyS7MVFXqzPX+riAnP3n4rFKk8GsfIUR97i+bo4D
 mIgyfiVicVSpIIhdQUW3RIrYF4BrN4vV8Mz5Bclej89BO6Yh57FLyzmXHLyhbtO+
 qRXDUE8F5tlv81W/ljye1iUqA9HkrullKNW8SsakK0G7YWrGdHXewCb3xeSIxeCs
 cYkCQsU0fbnJgrdpSIIxxDn2AItLqLJOfSKbisMavAkzKyT9mQM+sw/ng6JrClBI
 1tqkNXynZ1lUX34tj4WXoDrpfYPyc6k013AgqjCQOdTGqkbUZIT9dRJWc4W+QP2J
 8OpJKx8lCnRhzdqYXxoptIUW/z/gLMW8877RJl03D0O7OLOrGHvFE9ow25uXBpNH
 74Iq5aKZAn8XJdO/QfWI9nYolQk04J7dxBs+evsdyUz2K1QsnZBaiKn5BLvskYPA
 +dB0BoD2T99SApCb8KbTWCqYqRWJraWBc5Dml2PoU1ffjfiZdbQUdoCRkuLTvNn8
 KsXG4Seg8UA3S4gMKdTnCXZNkOTflFOLH1Sor3JbVROp4ii0t4zORcAXA43T0+QP
 To0UyS/OhSk3RlzofG1IPEBuk2i1VYaCZSllj1sWbSY6XftLp+75JZd2gVPBy8/b
 TAmvsQYf36gP6yNL1Tga
 =lrIS
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into staging

Block layer patches:

- fdc: Fix inserting read-only media in empty drive

# gpg: Signature made Tue 30 Jul 2019 16:32:14 BST
# gpg:                using RSA key 7F09B272C88F2FD6
# gpg: Good signature from "Kevin Wolf <kwolf@redhat.com>" [full]
# Primary key fingerprint: DC3D EB15 9A9A F95D 3D74  56FE 7F09 B272 C88F 2FD6

* remotes/kevin/tags/for-upstream:
  iotests/118: Test inserting a read-only medium
  fdc: Fix inserting read-only media in empty drive

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-07-30 16:35:17 +01:00
Kevin Wolf
6817416014 iotests/118: Test inserting a read-only medium
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: John Snow <jsnow@redhat.com>
2019-07-30 17:32:01 +02:00
Kevin Wolf
0b9e918f03 fdc: Fix inserting read-only media in empty drive
In order to insert a read-only medium (i.e. a read-only block node) to
the BlockBackend of a floppy drive, we must not have taken write
permissions on that BlockBackend, or the operation will fail with the
error message "Block node is read-only".

The device already takes care to remove all permissions when the medium
is ejected, but the state isn't correct if the drive is initially empty:
It uses blk_is_read_only() to check whether write permissions should be
taken, but this function returns false for empty BlockBackends in the
common case.

Fix floppy_drive_realize() to avoid taking write permissions if the
drive is empty.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: John Snow <jsnow@redhat.com>
2019-07-30 17:31:58 +02:00
Peter Maydell
8517bf8405 Block patch for 4.1.0-rc3:
- Fix CID 1403771 in block/nvme.c
 -----BEGIN PGP SIGNATURE-----
 
 iQFGBAABCAAwFiEEkb62CjDbPohX0Rgp9AfbAGHVz0AFAl1APWgSHG1yZWl0ekBy
 ZWRoYXQuY29tAAoJEPQH2wBh1c9AeN0H/0DBLJz9Jcc679RCGg4JPCrOcfvusHzr
 rUd5lxx9al9c3VoSHqXFb0QIYNJnFP+ylLT/Pbt7KrXBimT2xpGEpsoSYv59OYA7
 qcOrHqVkUeIB8CWxA7qQxZC6ZHWvRApZqsIsNzcm/KBNd25gpmZO507ByEefZzYQ
 3RenEhpZQIfsbdgMgkXW/xh1o2JrCas4JbHrwJQKF0NfmLSOMvJx9lflOf7dEkQw
 nTa/UwfBiA2e5tzcnl89BS2/kZ6g4Ug1h1IYk7g63QTcYeb88jjxLQltmoSR+daG
 5hza5M5OJw98fFIOZOiYbwdPTaeHjcTTeuJXbb1Em8A1S95Pe2eTWg0=
 =oi2U
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/maxreitz/tags/pull-block-2019-07-30' into staging

Block patch for 4.1.0-rc3:
- Fix CID 1403771 in block/nvme.c

# gpg: Signature made Tue 30 Jul 2019 13:51:52 BST
# gpg:                using RSA key 91BEB60A30DB3E8857D11829F407DB0061D5CF40
# gpg:                issuer "mreitz@redhat.com"
# gpg: Good signature from "Max Reitz <mreitz@redhat.com>" [full]
# Primary key fingerprint: 91BE B60A 30DB 3E88 57D1  1829 F407 DB00 61D5 CF40

* remotes/maxreitz/tags/pull-block-2019-07-30:
  nvme: Limit blkshift to 12 (for 4 kB blocks)

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-07-30 14:23:07 +01:00
Max Reitz
1120407bdf nvme: Limit blkshift to 12 (for 4 kB blocks)
Linux does not support blocks greater than 4 kB anyway, so we might as
well limit blkshift to 12 and thus save us from some potential trouble.

Reported-by: Peter Maydell <peter.maydell@linaro.org>
Suggested-by: Maxim Levitsky <mlevitsk@redhat.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
Message-id: 20190730114812.10493-1-mreitz@redhat.com
Reviewed-by: Maxim Levitsky <mlevitsk@redhat.com>
Coverity: CID 1403771
Signed-off-by: Max Reitz <mreitz@redhat.com>
2019-07-30 14:49:24 +02:00
Peter Maydell
6e9a6cbe7d Block layer patches:
- scsi-cd: Fix inserting read-only media in empty drive
 - block/copy-on-read: Fix permissions for inactive node
 - Test case fixes
 -----BEGIN PGP SIGNATURE-----
 
 iQIcBAABAgAGBQJdQChMAAoJEH8JsnLIjy/WXmgQAItW4Nqmd8NynwWMCLEBRRIV
 4PUa8w0uUQ/5C+CVc0RYzYWtSg9+GRqaMufT1TAAxFaBAavCF7gc6xty9cufCoQY
 LpJRn1PhOzuVpPjALnkjEnlhFAKIvgBkq/lSIq0Ly0gkGN/nlnwohndXQnazjvIp
 +fU8i65kSaCTPJtXC9TSiKWuRewHIcqP1mVuzfjD+arzqB8yQOiOIAj/GB243cGE
 1WbVJPRQhRQ5DDYFMI44mnZcewKjyFMinRzONLuFkn1QoRCV54+5suhcfhdGwUj2
 Qgovg5kZ7TDRO0u3P/S+KJwwLJ1x1wpdq/5Xa8S3UmdRVfujlNcrkR814e43qdLz
 DwrCa0XnQnZKbmkAcOGx5Fi8wt0wo9Yl8Ymyo6mMyNJpgG5hd4NU1Lx6SUkLwir+
 E1Jd8u2HCsOMZeiyAr80/fhp3Lx8eBsALZITJISUTx7oNY5b7+fmXqFr470v58u5
 Q3MkZ3FC1uIJzAQEXA9r+3XrRkxSAFxDyp/Swlwkm1891CkrGXqtE0WohLirgYJs
 alAFJT7nI8tcXmtPLfO+oAbPZY+EGgI/q2puHDNEIMJ/11X/RGi7/4SBWyiAEdtx
 +uLTYK2w5X87QhZHfyr0YSGmOq2WV7BdqTN8a++gf8z31++lmAHKi1/8a887mgeF
 8PDAPMO8z20U2FxU0Z3a
 =Xbui
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into staging

Block layer patches:

- scsi-cd: Fix inserting read-only media in empty drive
- block/copy-on-read: Fix permissions for inactive node
- Test case fixes

# gpg: Signature made Tue 30 Jul 2019 12:21:48 BST
# gpg:                using RSA key 7F09B272C88F2FD6
# gpg: Good signature from "Kevin Wolf <kwolf@redhat.com>" [full]
# Primary key fingerprint: DC3D EB15 9A9A F95D 3D74  56FE 7F09 B272 C88F 2FD6

* remotes/kevin/tags/for-upstream:
  scsi-cd: Fix inserting read-only media in empty drive
  block/copy-on-read: Fix permissions for inactive node
  Fixes: add read-zeroes to 051.out
  tests/multiboot: Fix load address of test kernels

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-07-30 12:25:35 +01:00
Kevin Wolf
7cef3d1290 scsi-cd: Fix inserting read-only media in empty drive
scsi-disks decides whether it has a read-only device by looking at
whether the BlockBackend specified as drive=... is read-only. In the
case of an anonymous BlockBackend (with a node name specified in
drive=...), this is the read-only flag of the attached node. In the case
of an empty anonymous BlockBackend, it's always read-write because
nothing prevented it from being read-write.

This is a problem because scsi-cd would take write permissions on the
anonymous BlockBackend of an empty drive created without a drive=...
option. Using blockdev-insert-medium with a read-only node fails then
with the error message "Block node is read-only".

Fix scsi_realize() so that scsi-cd devices always take read-only
permissions on their BlockBackend instead.

Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1733920
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
2019-07-30 13:21:38 +02:00
Kevin Wolf
2b23f28639 block/copy-on-read: Fix permissions for inactive node
The copy-on-read drive must not request the WRITE_UNCHANGED permission
for its child if the node is inactive, otherwise starting a migration
destination with -incoming will fail because the child cannot provide
write access yet:

  qemu-system-x86_64: -blockdev copy-on-read,file=img,node-name=cor: Block node is read-only

Earlier QEMU versions additionally ran into an abort() on the migration
source side: bdrv_inactivate_recurse() failed to update permissions.
This is silently ignored today because it was only supposed to loosen
restrictions. This is the symptom that was originally reported here:

  https://bugzilla.redhat.com/show_bug.cgi?id=1733022

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
2019-07-30 12:25:43 +02:00
Andrey Shinkevich
251071e0c0 Fixes: add read-zeroes to 051.out
The patch "iotests: Set read-zeroes on in null block driver for Valgrind"
with the commit ID a6862418fe needs the change in 051.out when
compared against on the s390 system.

Fixes: a6862418fe
Reported-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Andrey Shinkevich <andrey.shinkevich@virtuozzo.com>
Tested-by: Christian Borntraeger <borntraeger@de.ibm.com>
Reviewed-by: John Snow <jsnow@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2019-07-30 12:25:43 +02:00
Kevin Wolf
6078a0b64f tests/multiboot: Fix load address of test kernels
While older toolchains produced binaries where the physical load address
of ELF segments was the same as the virtual address, newer versions seem
to choose a different physical address if it isn't specified explicitly.
The means that the test kernel doesn't use the right addresses to access
e.g. format strings any more and the whole output disappears, causing
all test cases to fail.

Fix this by specifying the physical load address of sections explicitly.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2019-07-30 12:25:43 +02:00
Peter Maydell
ee9545ed15 virtio, pc: fixes
A couple of last minute bugfixes.
 
 Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
 -----BEGIN PGP SIGNATURE-----
 
 iQEcBAABAgAGBQJdP2FyAAoJECgfDbjSjVRpv7wIAIuhmRkH9b5qEolv6aYU9/n5
 RaSai5bs0l+KO7SRGzpjf6AJkg2szV0Txxx4+YCg8xSkWumrE6XTRNq3/qKxRkJk
 KP1pzq0n01YTMoH7aEVTxPTgeOEnYu9yctQ0qgR513FK+2tkaN54LAQd4paHdTLZ
 bU0n3D0ao1mwKIoXjkw86qdOk2gCKuatda1UMGiH0eY6nZgyI/Uft5LaFfD+17PT
 7DbLVER+jGdtX3MNH6JZEVciFSyn8Z6h8A5CegsR94UVYqIdARXYgtBDTlJDKOYG
 L1IyRelMvRn3DibNyr0qN0uCoYCSZAvWBgOsaIbHWlipPzYXq2UW/jR0X2pLSf0=
 =iiAT
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging

virtio, pc: fixes

A couple of last minute bugfixes.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

# gpg: Signature made Mon 29 Jul 2019 22:13:22 BST
# gpg:                using RSA key 281F0DB8D28D5469
# gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>" [full]
# gpg:                 aka "Michael S. Tsirkin <mst@redhat.com>" [full]
# Primary key fingerprint: 0270 606B 6F3C DF3D 0B17  0970 C350 3912 AFBE 8E67
#      Subkey fingerprint: 5D09 FD08 71C8 F85B 94CA  8A0D 281F 0DB8 D28D 5469

* remotes/mst/tags/for_upstream:
  pc-dimm: fix crash when invalid slot number is used
  Revert "hw: report invalid disable-legacy|modern usage for virtio-1-only devs"
  Revert "Revert "globals: Allow global properties to be optional""

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-07-30 09:43:32 +01:00
Igor Mammedov
22235bb609 pc-dimm: fix crash when invalid slot number is used
QEMU will crash with:
  Segmentation fault (core dumped)
when negative slot number is used, ex:
  qemu-system-x86_64 -m 1G,maxmem=20G,slots=256 \
      -object memory-backend-ram,id=mem1,size=1G \
      -device pc-dimm,id=dimm1,memdev=mem1,slot=-2

fix it by checking that slot number is within valid range.

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <20190723160859.27250-1-imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Li Qiang <liq3ea@gmail.com>
Signed-off-by: Igor Mammedov &lt;<a href="mailto:imammedo@redhat.com" target="_blank">imammedo@redhat.com</a>&gt;<br></blockquote><div><br></div><div>Reviewed-by: Li Qiang &lt;<a href="mailto:liq3ea@gmail.com">liq3ea@gmail.com</a>&gt;<br></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
Reviewed-by: Pankaj Gupta <pagupta@redhat.com>
2019-07-29 16:57:27 -04:00
Dr. David Alan Gilbert
dd56040d29 Revert "hw: report invalid disable-legacy|modern usage for virtio-1-only devs"
This reverts commit f2784eed30
since that accidentally removes the PCIe capabilities from virtio
devices because virtio_pci_dc_realize is called before the new 'mode'
flag is set.

Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Message-Id: <20190729162903.4489-3-dgilbert@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
2019-07-29 16:57:27 -04:00
Dr. David Alan Gilbert
92fd453c67 Revert "Revert "globals: Allow global properties to be optional""
This reverts commit 8fa70dbd8b.

Because we're about to revert it's neighbour and thus uses an optional
again.

Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Message-Id: <20190729162903.4489-2-dgilbert@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
2019-07-29 16:57:27 -04:00
Peter Maydell
34e2746bca x86 queue for 4.1
* Rename and fix SnowRidge CPU model (Paul Lai)
 -----BEGIN PGP SIGNATURE-----
 
 iQJIBAABCAAyFiEEWjIv1avE09usz9GqKAeTb5hNxaYFAl0/Gj4UHGVoYWJrb3N0
 QHJlZGhhdC5jb20ACgkQKAeTb5hNxab/Zw/+LQxNhWnDyBSijgiopD8ghdkV/NVs
 eQNBBVkBoiJ8uPaA+sj7891iZnRSrqDFV+9WM2ZUQQTahvA7wZ7PIz1i7PqsICf0
 1uvJb+c5P+PLUDqs9rJTKC5+jocBo/h1gUKFnyMDwLC+atohmge1pz/ZrKiFw03e
 TvKE0ffNUcIsDaPHsF4HgEho9RT8gtlHCFJsnD8A8/ea8Xz1bL6JCMdsCewg+FlK
 u17s+nJ+Jy6U8OeE78TbablMzXIo8yU9fDdzP+2TuGm4Lfv9yBFjJMxynEsLexc4
 CTrp8NtYQNXEZR0KGHpBx2DBXbtsvZS2eoFE5PgPzjh4nXHeNvGISnkWVeM8cmVl
 BtBKK1XLBuIigl4FaJ71EZb19Z7wC719PHa00Y2bDMH7ij6kIymDIcgG0N1D3amN
 vnn11DfVylGmSpVdOYTbD4XPmqj8BwNfzW5qimW+tXFp7p8FjIxzYYuJiaO10mN9
 1QSNB/knOzVrKODx6w9cusGfwQmDwZDpMxJbs9TAf9y9AmCo8O9VxMET77595XpF
 UTH6iSKSJIUus2cUwCPqCb7H/CIJnAYJIi2ePbt0n3lw2dkWuZCWWoeZNkSlB8Nv
 P1/y9omY/tpCkRJrV7CPl7sqLkPUTK79+Blh+V9xwDA/DcughSzsnOEHFhPjWysY
 a0VrXq8Xj/AwDXs=
 =XiSq
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/ehabkost/tags/x86-next-pull-request' into staging

x86 queue for 4.1

* Rename and fix SnowRidge CPU model (Paul Lai)

# gpg: Signature made Mon 29 Jul 2019 17:09:34 BST
# gpg:                using RSA key 5A322FD5ABC4D3DBACCFD1AA2807936F984DC5A6
# gpg:                issuer "ehabkost@redhat.com"
# gpg: Good signature from "Eduardo Habkost <ehabkost@redhat.com>" [full]
# Primary key fingerprint: 5A32 2FD5 ABC4 D3DB ACCF  D1AA 2807 936F 984D C5A6

* remotes/ehabkost/tags/x86-next-pull-request:
  i386: Fix Snowridge CPU model name and features

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-07-29 17:11:18 +01:00
Paul Lai
ff656fcd33 i386: Fix Snowridge CPU model name and features
Changing the name to Snowridge from SnowRidge-Server.
There is no client model of Snowridge, so "-Server" is unnecessary.

Removing CPUID_EXT_VMX from Snowridge cpu feature list.

Signed-off-by: Paul Lai <paul.c.lai@intel.com>
Tested-by: Tao3 Xu <tao3.xu@intel.com>
Message-Id: <20190716155808.25010-1-paul.c.lai@intel.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2019-07-29 13:08:02 -03:00
Peter Maydell
893dc8300c -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
 
 iQEcBAABAgAGBQJdPq64AAoJEO8Ells5jWIR790H/RVKgnVALMyXYQ7l1ftVRvzA
 IJ6o8LHS2MlSbcyh182/tRl2LHGDEnnu3YfktocwnuRVQauS5QOebLwUB8oA41Uf
 LeLeVmxQtQE/7b1czQjxCl9jCnaY3tmkAAhkEOT/cXBrM6JlujgEWS8cKi3jqbMS
 grGpeOKCjZX4F3HI47J2Tgij1KKTOz/Roj+mqzC1+o9twN9k32W0DRovTnGWUu09
 6vzSS8UkfdyTfQk+OCVaxloXP3CMqKMeWNsWTRSk+yKbk7kKBoW3goF5N3AAjEl6
 5JYcAqP8suhaYQalk+6Q3XFPy7wMPOZAmRKyK49eGyXimim8zJals/fZiSDyC0w=
 =cM2i
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/jasowang/tags/net-pull-request' into staging

# gpg: Signature made Mon 29 Jul 2019 09:30:48 BST
# gpg:                using RSA key EF04965B398D6211
# gpg: Good signature from "Jason Wang (Jason Wang on RedHat) <jasowang@redhat.com>" [marginal]
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg:          It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 215D 46F4 8246 689E C77F  3562 EF04 965B 398D 6211

* remotes/jasowang/tags/net-pull-request:
  net/colo-compare.c: Fix memory leak and code style issue.
  net: tap: replace snprintf with g_strdup_printf calls
  qemu-bridge-helper: move repeating code in parse_acl_file
  qemu-bridge-helper: restrict interface name to IFNAMSIZ
  e1000: don't raise interrupt in pre_save()

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-07-29 12:04:53 +01:00
Peter Maydell
08831f67d3 ppc patch queue (for 4.1) 2019-07-28
Here's a pull request for qemu-4.1, which I hope will be the last from
 the ppc tree.  This applies a couple of last minute fixes for the XIVE
 code.
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEdfRlhq5hpmzETofcbDjKyiDZs5IFAl09Q8MACgkQbDjKyiDZ
 s5IxcA//U+2ooozi128VDRFH7JUHqDs+riCE9Pz87NSmu54+/QqI9JeH2RlahXLW
 lQMXAz0kPY5mb42oYgOYldSRRGfWwtnJvgtjyMa6lASQ6M84w005mbRNDdfP5/uA
 n/JSXEJbupfWKxsBC4HNrLv13HcfCUp66JGZbrHxM7L2yb3GoNmC1yCqcxfEDq8w
 a5TxB6MK1k/BrXJdImdNxYCF43kyLJvRT3it0n1ZGn0iqebrOx8KF/zuyPTbE8Sl
 rlJBEAnxUceYB046a5C2WaZ2DgprHW8dUofNADQ+3dOkfQkc7DyXNwLDjzguV9si
 DBvEpi1yGliJTzH3UhJUWrflJ6ceYY937ZlDMiLunY1JYlQ5J8D7+FAt6Z19Fxe4
 APD+AbB4DcNY8nfynSB1sdKwSD4++JAANznqegHbKYNr8g2InTMaeiyrGKni1eA5
 sl1QLnUHD8BMfULgyKDRmxiS6R1wp5k2QhLBDMmNzLK7WKU8hMNKcwLkanVRgfw6
 3hgC0fNeml7ZEMdWZ/re4UADrGXeBuURw+4+gGlJxzQq4wPBC0ZfFfgW0W6n/9T1
 XEx3m0aXgx2F+Yu/kivvqEgSqqQVOsjj+s+krkWiIHoaXeIppe4RrqBnWLbu+b1b
 XXW0C+09PqgXGJA0noKAbhWJoX9JrWxtOfFCTH4k+E6AS+kOPog=
 =YqKA
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/dgibson/tags/ppc-for-4.1-20190728' into staging

ppc patch queue (for 4.1) 2019-07-28

Here's a pull request for qemu-4.1, which I hope will be the last from
the ppc tree.  This applies a couple of last minute fixes for the XIVE
code.

# gpg: Signature made Sun 28 Jul 2019 07:42:11 BST
# gpg:                using RSA key 75F46586AE61A66CC44E87DC6C38CACA20D9B392
# gpg: Good signature from "David Gibson <david@gibson.dropbear.id.au>" [full]
# gpg:                 aka "David Gibson (Red Hat) <dgibson@redhat.com>" [full]
# gpg:                 aka "David Gibson (ozlabs.org) <dgibson@ozlabs.org>" [full]
# gpg:                 aka "David Gibson (kernel.org) <dwg@kernel.org>" [unknown]
# Primary key fingerprint: 75F4 6586 AE61 A66C C44E  87DC 6C38 CACA 20D9 B392

* remotes/dgibson/tags/ppc-for-4.1-20190728:
  xics/kvm: Fix fallback to emulated XICS
  spapr/irq: Inform the user when falling back to emulated IC

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-07-29 11:34:54 +01:00
Peter Maydell
5132f6ea62 RISC-V Patch for 4.1-rc3
This contains a single patch that fixes the warning introduced as part
 of the OpenSBI integration.
 -----BEGIN PGP SIGNATURE-----
 
 iQJHBAABCAAxFiEEAM520YNJYN/OiG3470yhUCzLq0EFAl07hvMTHHBhbG1lckBk
 YWJiZWx0LmNvbQAKCRDvTKFQLMurQQ85D/9DURex3sBcgszAlfsMMkqAfKnSko+E
 O0nl5xpvPibo8j8RR6cyn6hZoUHZc70tR1OK5EtKsaJx44c0JPxwQJJs8mS9cVZc
 4aKGVHBfXlfNrLli7uAUNsTI3pAcc/dxlCP8hXfvuqXWzNPDJto1Uq06KMm9jAPx
 31m9MYTZJPp/ig6CbkAc/8OO75SbJan6CtPOQ4goMXuMnlGNTpuuboS8/MPdIMwm
 51WR+/rwYlngb29ldIi6kAZw8jekwB7RIj1L9tTMfDlFc6ASXF1bTksm1euwNS2Z
 zmIwQmT5A2RNkEvN0KABtH8wopYc7QA3d4rgL3i1PLMtWEAbFFi8RuHzNc4MB18W
 gVPHkSWKiyBqly1EkPv43H4HwbgsRZjhCkd6WEvk5wXuuT8tJe1KjQj/LmXPYFfO
 e/0k/BKdyvG45WYeLk3cp3xZCzvjYer3PuLxuTRx0xN8rzqrE7Z+t/60ERBxBPUg
 TvOPLh4Zb4EIDk0q4szvoSsRB6pBhcO09bN2a+JTT29tu/ZdMhlei3XYB4ot5tBm
 +szgGzwQrEa0X8gtLsrT4WMW1XIXNfzscdKCBlI6kLAjzmslolZPF3Ogz09g7VMg
 KtSnzdIp38DF1e/WFeOp2NA2wUuLOZTDIYnw4eJpFm/Z9bpK2mLPfYnzXRCooN9r
 XM7965OL9L5zvg==
 =j5RK
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/palmer/tags/riscv-for-master-4.1-rc3' into staging

RISC-V Patch for 4.1-rc3

This contains a single patch that fixes the warning introduced as part
of the OpenSBI integration.

# gpg: Signature made Sat 27 Jul 2019 00:04:19 BST
# gpg:                using RSA key 00CE76D1834960DFCE886DF8EF4CA1502CCBAB41
# gpg:                issuer "palmer@dabbelt.com"
# gpg: Good signature from "Palmer Dabbelt <palmer@dabbelt.com>" [unknown]
# gpg:                 aka "Palmer Dabbelt <palmer@sifive.com>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 00CE 76D1 8349 60DF CE88  6DF8 EF4C A150 2CCB AB41

* remotes/palmer/tags/riscv-for-master-4.1-rc3:
  riscv/boot: Fixup the RISC-V firmware warning

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-07-29 10:14:24 +01:00
Zhang Chen
f77bed14f0 net/colo-compare.c: Fix memory leak and code style issue.
This patch to fix the origin "char *data" memory leak, code style issue
and add necessary check here.
Reported-by: Coverity (CID 1402785)

Signed-off-by: Zhang Chen <chen.zhang@intel.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2019-07-29 16:29:30 +08:00
Prasad J Pandit
389abe1dd1 net: tap: replace snprintf with g_strdup_printf calls
When invoking qemu-bridge-helper in 'net_bridge_run_helper',
instead of using fixed sized buffers, use dynamically allocated
ones initialised and returned by g_strdup_printf().

Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Reviewed-by: Li Qiang <liq3ea@gmail.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2019-07-29 16:29:30 +08:00
Prasad J Pandit
3283dde4b5 qemu-bridge-helper: move repeating code in parse_acl_file
Move repeating error handling sequence in parse_acl_file routine
to an 'err' label.

Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Li Qiang <liq3ea@gmail.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2019-07-29 16:29:30 +08:00
Prasad J Pandit
6f5d867122 qemu-bridge-helper: restrict interface name to IFNAMSIZ
The network interface name in Linux is defined to be of size
IFNAMSIZ(=16), including the terminating null('\0') byte.
The same is applied to interface names read from 'bridge.conf'
file to form ACL rules. If user supplied '--br=bridge' name
is not restricted to the same length, it could lead to ACL bypass
issue. Restrict interface name to IFNAMSIZ, including null byte.

Reported-by: Riccardo Schirone <rschiron@redhat.com>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Li Qiang <liq3ea@gmail.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2019-07-29 16:29:30 +08:00
Jason Wang
f46efa9b08 e1000: don't raise interrupt in pre_save()
We should not raise any interrupt after VM has been stopped but this
is what e1000 currently did when mit timer is active in
pre_save(). Fixing this by scheduling a timer in post_load() which can
make sure the interrupt was raised when VM is running.

Reported-and-tested-by: Longpeng <longpeng2@huawei.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2019-07-29 16:29:30 +08:00
Greg Kurz
8d216d8c53 xics/kvm: Fix fallback to emulated XICS
Commit 4812f26152 tried to fix rollback path of xics_kvm_connect() but
it isn't enough. If we fail to create the KVM device, the guest fails
to boot later on with:

[    0.010817] pci 0000:00:00.0: Adding to iommu group 0
[    0.010863] irq: unknown-1 didn't like hwirq-0x1200 to VIRQ17 mapping (rc=-22)
[    0.010923] pci 0000:00:01.0: Adding to iommu group 0
[    0.010968] irq: unknown-1 didn't like hwirq-0x1201 to VIRQ17 mapping (rc=-22)
[    0.011543] EEH: No capable adapters found
[    0.011597] irq: unknown-1 didn't like hwirq-0x1000 to VIRQ17 mapping (rc=-22)
[    0.011651] audit: type=2000 audit(1563977526.000:1): state=initialized audit_enabled=0 res=1
[    0.011703] ------------[ cut here ]------------
[    0.011729] event-sources: Unable to allocate interrupt number for /event-sources/epow-events
[    0.011776] WARNING: CPU: 0 PID: 1 at arch/powerpc/platforms/pseries/event_sources.c:34 request_event_sources_irqs+0xbc/0x150
[    0.011828] Modules linked in:
[    0.011850] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 5.1.17-300.fc30.ppc64le #1
[    0.011886] NIP:  c0000000000d4fac LR: c0000000000d4fa8 CTR: c0000000018f0000
[    0.011923] REGS: c00000001e4c38d0 TRAP: 0700   Not tainted  (5.1.17-300.fc30.ppc64le)
[    0.011966] MSR:  8000000002029033 <SF,VEC,EE,ME,IR,DR,RI,LE>  CR: 28000284  XER: 20040000
[    0.012012] CFAR: c00000000011b42c IRQMASK: 0
[    0.012012] GPR00: c0000000000d4fa8 c00000001e4c3b60 c0000000015fc400 0000000000000051
[    0.012012] GPR04: 0000000000000001 0000000000000000 0000000000000081 772d6576656e7473
[    0.012012] GPR08: 000000001edf0000 c0000000014d4830 c0000000014d4830 6e6576652f20726f
[    0.012012] GPR12: 0000000000000000 c0000000018f0000 c000000000010bf0 0000000000000000
[    0.012012] GPR16: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
[    0.012012] GPR20: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
[    0.012012] GPR24: 0000000000000000 0000000000000000 c000000000ebbf00 c0000000000d5570
[    0.012012] GPR28: c000000000ebc008 c00000001fff8248 0000000000000000 0000000000000000
[    0.012372] NIP [c0000000000d4fac] request_event_sources_irqs+0xbc/0x150
[    0.012409] LR [c0000000000d4fa8] request_event_sources_irqs+0xb8/0x150
[    0.012445] Call Trace:
[    0.012462] [c00000001e4c3b60] [c0000000000d4fa8] request_event_sources_irqs+0xb8/0x150 (unreliable)
[    0.012513] [c00000001e4c3bf0] [c000000001042848] __machine_initcall_pseries_init_ras_IRQ+0xc8/0xf8
[    0.012563] [c00000001e4c3c20] [c000000000010810] do_one_initcall+0x60/0x254
[    0.012611] [c00000001e4c3cf0] [c000000001024538] kernel_init_freeable+0x35c/0x444
[    0.012655] [c00000001e4c3db0] [c000000000010c14] kernel_init+0x2c/0x148
[    0.012693] [c00000001e4c3e20] [c00000000000bdc4] ret_from_kernel_thread+0x5c/0x78
[    0.012736] Instruction dump:
[    0.012759] 38a00000 7c7f1b78 7f64db78 2c1f0000 2fbf0000 78630020 4180002c 409effa8
[    0.012805] 7fa4eb78 7f43d378 48046421 60000000 <0fe00000> 3bde0001 2c1e0010 7fde07b4
[    0.012851] ---[ end trace aa5785707323fad3 ]---

This happens because QEMU fell back on XICS emulation but didn't unregister
the RTAS calls from KVM. The emulated RTAS calls are hence never called and
the KVM ones return an error to the guest since the KVM device is absent.

The sanity checks in xics_kvm_disconnect() are abusive since we're freeing
the KVM device. Simply drop them.

Fixes: 4812f26152 "xics/kvm: Add proper rollback to xics_kvm_init()"
Signed-off-by: Greg Kurz <groug@kaod.org>
Message-Id: <156398744035.546975.7029414194633598474.stgit@bahia.lan>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2019-07-28 11:50:26 +10:00
Greg Kurz
f5bda01066 spapr/irq: Inform the user when falling back to emulated IC
Just to give an indication to the user that the error condition is
handled and how.

Reported-by: Satheesh Rajendran <sathnaga@linux.vnet.ibm.com>
Signed-off-by: Greg Kurz <groug@kaod.org>
Message-Id: <156398743479.546975.14566809803480887488.stgit@bahia.lan>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2019-07-28 11:50:26 +10:00